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REMARKS 

ll^Jf9 The following remarks are made in response to the Final OfSce Action mailed 

November 3, 2004, Claims 1-24 were rejected. With this Response, no claims have been 
amended. Claims 1-24 reaiain pending in the applicatioD and are presented for 
reconsideration and allowance. 
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Claim Rejections under 35 U.S.C. §102 

The Examiner rejected claims 1-24 under 35 U.S.C. § 102(b) as being anticipated by 
Mahon et al. U.S. Patent No. 4,809,160, 

Applicants snbmit that the Mahon et al. Patent does not teach or suggest the invention 
of independent claim 1 . 

The Mahon et al. Patent discloses a low overhead way for insuring that only routines 
of sufficient privilege can execute on a secured page of memory in a hierarchical computer 
system, and for raising the privilege level of a low privilege process in an orderly and secure 
way. This is done though the execution of a single "gateway^' branch instruction standing 
between a procedure call by a lower privilege routine, such as a user program, and an 
operating system itself. (See Abstract). An instruction unit 20 contains a low privilege 
routine that requires a procedure call to a higher privileged service routine. The instruction 
unit 20 seeks this higher privileged routine by addressing a translation look aside buffer 
(TLB) 30 to determine the location in ia physical memory 40 containing an appropriate entry 
point of a gateway instruction. The TLB 30 calculates the address of the desired entry point 
within the physical memory 40 and a gateway instruction located at the calculated address is 
then transmitted from the physical memoiy 40 to the instruction unit 20, to an execution imit 
60, and to a physical target register 70. A return address for returning from the high^ 
privileged service routine is then stored in the target register 70 by the instruction unit 20. 
The TLB 30 then checks the access rights of the calling instruction. If execiite access is 
denied by the TLB 30, a software trap is transmitted from the TLB 30 to the iostmction unit 
20 to halt execution of the gateway instruction in the execution unit 60. If execute access is 
allowed by the TLB 30, and no delayed taken branch is pending, the gateway instruction 
saves the actual privilege level of the calling routine in target register 70, and raises the 
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privilege level of the calling routine to the privilege level specified within the page type field 
412 of the TLB entry for the page containing the gateway instruction, and a target address for 
branching to a call routine is calculated. A target instruction located at the target address is 
then fetched from the physical niemory 40 for use in the instruction unit 20 and execution of 
the called service routine having a desired higher privilege proceeds in the execution unit 60. 
After the finally called service routine is completed, the execution unit 60 reads the return 
address stored in the target register 70 and returns to the calling routine at the specified return 
address with the original lower privilege stored in the target register 70. (See column 3. line 
16 - column 4, line 6). 

AppUcants submit that the Mahon et al. Patent does not teach or suggest the method 
of promoting a cuixent privilege level of a processor of a computer system controlled by an 
operating system of independent claim 1, the method of executing instructions in a computer 
system controlled by an operating system of independent claim 6, the computcar system of 
independent claim 12^ the computer system of independent claim 1 7, or the computer 
readable medium containing a privilege promotion instruction for controlling a computer 
system of independent claim 23. The Mahon et al. Patent specifically fails to disclose the 
limitations of independent claims 1, 6, 12, 17, and 23 of reading a stored previous privilege 
level state; comparing the read previous privilege level state to the current privilege 
level; and if the previous privilege level state is equal to or less privileged than the 
current privilege Ievel> promoting the current privilege level to a second privilege level 
which is higher than the first privilege level. 

The Examiner asserts that comparing the read previous privilege level state to the 
current privilege level, is equivalent to the "Compare," "Access = OK?" of the Mahon et aJ. 
Patent. The compare in the Mahon et al. Patent is referring to the comparison of the read 
access rights of the calling routine and the read access rights of the page containing the 
gateway instruction, not to comparing the previous privilege level state to the current 
privilege level as recited in claims 1,6, 12, 17> and 23. The Mahon et al. Patent does not 
compare a previous privilege level state to a current privilege level. 

The gateway uistruction in the Mahon et al. Patent rcsaves the actual privilege level of 
the calling routine in the two low order bits of target register 70 to rule out forgery by the 
calling routine, (Column 3, lines 52-55). Tlie gateway instruction disclosed in the Mahon et 
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al. Patent is described in the Background of the Invention section of the present application. 
As stated in the Background section, one type of special privilege promotion instruction is the 
PA-RISC gateway instruction. If the gateway instruction is genuine, then the previous 
privilege level state recorded by the gateway instruction can be trusted. Typically, the 
gateway instruction is guaranteed to be genuine by employing normal virtual memory 
protection mechanisms to ensure that the gateway instruction is stored on a memory page 
which cannot be written at the lower privilege level(s). 

Even though any information recorded at a lower privilege level cannot be trusted and 
must be checked at a higher privilege level, the gateway instruction being placed on a 
memory page which cannot be written at the lower privilege level and the gateway instmction 
recording the previous privilege level state permits the previous privilege level state to be 
trusted. However, the gateway instruction writing the previous privilege level state typically 
requires special processor data paths and control logic not required for any other purpose. In 
addition, any state for the privilege promotion written at a lower privilege level rather than by 
the gateway instruction requires extra system instructions executing at the higher privilege 
level to check the validity of the state written at the lower privilege level, thus lowering the 
perfoimance of the privilege promotion. 

By contrast, in an example embodiment described in the present specification which 
illustrates the operation of the invention claimed in independent claims 1, 6, 12, 17, and 23, 
the call instmction performed by application program 56 is made to memory page 58 
containing privilege promotion instruction 62^ and memory page 58 is protected from being 
vmtten by application program 56 at the lower privilege level by normal virtual memory 
protection mechanisms. If the privilege promotion instruction succeeds, higher privileged 
routine 60 is guaranteed that the privileged infonnatjon saved by the call instruction can be 
trusted, because the privilege promotion instruction performed by operating system 36 checks 
whether the previous privilege level state in PFS.ppl field 70 is equal to or less privileged 
than the current privilege level in PSRxpl field 52 prior to promoting the current privilege 
level- 

The invention claimed in independent claims 1,6, 12, 17, and 23 overcomes the 
limitations of the gateway instmction. The gateway instmction described in the Mahon et al. 
Patent and in die Backgroimd of the Invention section of the present specification employs a 
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privilege promotion instruction whidi itself records the previous privilege level 3tate. Since 
the privilege promotion instruction according to the invention claimed in independent claims 
1 , 6, 12, 17, and 23 does not write the previous privilege level state, no special data paths or 
control logic are required to implement a privilege promotion mechanism according to the 
claimed invention. In addition, since the privilege promotion instruction according to the 
invention claimed in mdepcndent claims 1, 6, 12, 17, and 23 checks the validity of the 
previous privilege level state written at the lower privilege level, such as by application, 
program 56, no additional instructions are required at the higher privileged level routine 60 to 
perfbmi these checks, resulting in increased performance. 

Consequently, the gateway instruction of the Mahon et al. Patent provides protection 
checking by the gateway instruction itself saving the original privilege level of the calling 
routine. In contrast, the invention claimed in independent claims 1,6, 12, 17, and 23 . 
' provides protection checking by comparing the previous privilege level state to the current 

privilege level, and promoting the current privilege level only if the previous privilege level 
state is equal to or less privileged than the current privilege level. 

Dependent claims 2-5 further define patentably distinct independent claim 1. 
Dependent claims 7-1 1 further define patentably distinct independent claim 6. Dependent 
claims 13-16 further define patentably distinct independent claim 12. Dependent claims 18- 
22 further define patentably distinct independent claim 17. Dependent claim 24 further 
defines pataitably distinct independent claim 23. • Accordingly, dependent claims 2-5, 7-11, 
13-16, 18-22, and 24 are also believed to be allowable over the art of record- 
In view of the above, Applicants respectfully request that the 35 U.S.C. § 102 
rejections to claims 1-24 be removed and that claims 1-24 be allowed. 

CONCXUSTON 

In view of the above. Applicant respectfully $ubmits that pending claims 1-24 are in 
form for allowance and axe not taugjit or suggested by the cited references. Therefore, 
reconsideration and withdrawal of the rejections and allowance of claims 1-24 is respectfully 
requested. 
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Any inquiry regarding this Amendment and Ri 
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No fees are required under 37 C.F.: I. 1 . 1 6(b)(c|. However, if such fees are required, 

the Patent Office is hereby authorized to cliarge Deposit Accoimt No. 08-2025, 

|i 

The Examiner is invited to contact the Applicant's representative at the helow-listed 
telephone numbers to facilitate prosecutioiji of this application. 



eLpons 



e should be directed to eith^ 



David A. Pletter at Telephone No. (408) 447-3013, Facsimile No. (408) 447-3013 or Patridc 
G. Billig at Telephone No. (612) 573-2003, Facsimile No. (612) 573-2005. In addition, all 
correspondence should continue to be.directed to the following address: 

Hewlett-Packard Company 

Intellectual Property Administration 
P.O.Box 272400 

Fort Collins, Colorado 80527-2400 

Respcctfidly submitted. 

Dale C. Morris et al.. 

By their attorneys, 

DICKE, BILLIG & CZAJA> PLLC 
Fifth Strck Towers, Suite 2250 
100 SoutJi Fifth Street 
MinneapcJlis, MN 55402 
Telephone: (612) 573-2003 
Facsimil4-(64^) 573-2005 



Date: 
PGB: kle 





PafrickG. Billig 
Reg, No. 38,080 



t:HR'I'iMCATE UNDER 37 CJ-R. 1.8 : The undersigned hereby certifies that this paper or papers, as described herein. 



are being transmitted by facsimile to Examiner Midys Inoa, Primaiy Examiner Art Unil 21 88, of the Paient and 
Trademark Office, at (703) 872-9306on this day 
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